<?php
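	// Resume the session so the login marker can be inspected.
	session_start();
	// Authentication gate. header() only queues the redirect; without exit the rest of this
	// script (user deletion, creation and editing) would still run for a client that has no
	// login session, so execution must stop here.
	if (!isset($_SESSION['sesi_login'])) {
		header("Location:../../index.php");
		exit;
	}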

	// Bootstrap: switch to the directory two levels up and load the application's libraries
	// from there. "@" hides any chdir() warning, so if the call fails the working directory
	// silently stays what it was and ABS_URL is derived from that directory instead.
	@chdir("../../");
	// Despite its name, ABS_URL is a filesystem path: the current working directory with
	// backslashes normalised to forward slashes.
	define('ABS_URL',str_replace("\\","/",getcwd()));
	require ABS_URL.'/engine/Smarty.class.php';
	require ABS_URL."/functions/class.query.inc.php";
	$smarty = new Smarty();
	// presumably opens the MySQL connection used by the mysql_* calls below — confirm
	require ABS_URL."/dev_con.inc.php";
	require ABS_URL."/functions/func_file.php";
	$queryData = new queryData();
	$queryData->baseConfig();
	require ABS_URL."/functions/func_content.php";
	// NOTE(review): BASE_LANGUAGE is not defined in this file (presumably by baseConfig() or
	// dev_con.inc.php — confirm). It is concatenated into the two require paths below, so it
	// must only ever hold a fixed, trusted language code: a value that a request or an editable
	// setting can influence would decide which file gets executed.
	require ABS_URL."/langs/".BASE_LANGUAGE.'.inc.php';
	// Module-level language file; the directory comes from get_curr_dir(), a helper defined
	// elsewhere whose exact return value is not visible here.
	require $queryData->get_curr_dir(dirname(__FILE__))."/langs/".BASE_LANGUAGE.'.inc.php';
	
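	// Collect the submitted form fields. Every key is tested with isset() first because this
	// script is also reached through a GET request (the "hapus" action), where none of the
	// POST fields exist and reading them directly raises undefined-index notices.
	$iduser = isset($_POST['iduser']) ? strip_tags(trim($_POST['iduser'])) : '';
	// $namauser and $alias are SQL-escaped here, at read time, and concatenated into queries
	// further down in the script.
	$namauser = isset($_POST['namauser']) ? mysql_real_escape_string(strip_tags(trim($_POST['namauser']))) : '';
	$alias = isset($_POST['alias']) ? mysql_real_escape_string(strip_tags(trim($_POST['alias']))) : '';
	// Passwords are only trimmed: later code compares them and stores a hash, never the raw text.
	$passuser = isset($_POST['katakunci']) ? trim($_POST['katakunci']) : '';
	$passlagi = isset($_POST['katakuncilagi']) ? trim($_POST['katakuncilagi']) : '';
	// NOTE(review): $aktivasi is kept exactly as submitted; it has to be escaped before it is
	// placed into any query.
	$aktivasi = isset($_POST['aktivasi']) ? $_POST['aktivasi'] : '';

	// Join the selected user types into one string, each entry followed by "[break]".
	// The variable is initialised first: the original appended to an undefined variable and
	// left it undefined whenever no type list was posted. Non-string entries (nested arrays)
	// are skipped instead of being converted to the literal text "Array".
	// NOTE(review): the joined value is not escaped here because it is also stored in the
	// session; escape it where it is placed into SQL.
	$type_user = '';
	if (isset($_POST['status']) && isset($_POST['type']) && is_array($_POST['type'])) {
		foreach ($_POST['type'] as $value) {
			if (is_string($value)) {
				$type_user .= $value."[break]";
			}
		}
	}

	// Timestamp used for the last two values of the tbl_login INSERT and for tglupdate on edit.
	$tanggal = date("Y-m-d-H-i-s");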

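	// Dispatch on the requested action: delete ("hapus" via GET), add ("tambah") or edit.
	// The outcome message is left in $_SESSION['sesi_ver'] for the page redirected to.
	//
	// NOTE(review): this script only checks that a login session exists. Nothing visible here
	// verifies that the logged-in user may manage accounts (an edit can also change type_user),
	// and no action verifies an anti-CSRF token. Confirm both are enforced elsewhere, e.g.
	// against $_SESSION['admin_type'], or add the checks here.
	//
	// SQL safety: $namauser and $alias are escaped where they are read. Every other
	// request-derived value is escaped or cast in this block, right before it is concatenated
	// into a statement. The original concatenated $aktivasi, $type_user, $_GET['kode'] and the
	// dynamic detail fields unescaped.
	$aktivasi_sql = (isset($aktivasi) && is_string($aktivasi)) ? mysql_real_escape_string($aktivasi) : '';
	$type_user_raw = (isset($type_user) && is_string($type_user)) ? $type_user : '';
	$type_user_sql = mysql_real_escape_string($type_user_raw);

	if ((isset($_GET['act_ver'])) && (strtolower($_GET['act_ver'])=="hapus")) {
		// id_user is an integer key (the edit branch casts it the same way), so cast instead of
		// concatenating the raw GET value. is_scalar() keeps an array parameter from casting to 1.
		$kode = (isset($_GET['kode']) && is_scalar($_GET['kode'])) ? (int) $_GET['kode'] : 0;

		// NOTE(review): a state-changing delete is triggered by a plain GET request; it should
		// be a POST carrying a per-session token.
		$sql = "DELETE FROM tbl_login WHERE id_user='".$kode."'";
		$qry = mysql_query($sql);

		$_SESSION['sesi_ver'] = "User ".$kode." Has been Deleted";
	} elseif (empty($namauser)) {
		$_SESSION['sesi_ver'] = "Username Still empty";
	} elseif (empty($alias)) {
		$_SESSION['sesi_ver'] = "Alias Still empty";
	} elseif ($passuser!==$passlagi) {
		// Strict comparison: with <> two numeric-looking strings such as "1e3" and "1000"
		// compare as equal, letting a mismatching confirmation through.
		$_SESSION['sesi_ver'] = "Password and Verification is not valid";
	} elseif ((isset($_POST['status'])) && ($_POST['status']=="tambah")) {
		// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
		// password_hash()/password_verify() has to happen together with the login check, which
		// is not in this file, so it is only flagged here.
		// NOTE(review): an empty password is accepted on this path and stored as md5('').
		$pass = md5($passlagi);

		$sql = "INSERT INTO tbl_login VALUES(NULL,'".$namauser."','".$alias."','".$pass."','".$aktivasi_sql."','".$type_user_sql."','".$tanggal."','".$tanggal."')";
		$qry = mysql_query($sql);

		if ($qry) {
			// The original "SELECT LAST_INSERT_ID() ... FROM tbl_login'" ended in a stray quote,
			// so it always failed and $iduser became 0; every detail row was then written for
			// id_user 0. mysql_insert_id() reads the id of the INSERT above directly.
			$iduser = (int) mysql_insert_id();

			// Store one x_fieldvalue row per configured "detail_user" field.
			$sqlQ = "SELECT * FROM x_field WHERE tipe='detail_user'";
			$qryQ = mysql_query($sqlQ);
			while ($qryQ && ($rowQ = mysql_fetch_object($qryQ))) {
				// Form field name: lower-cased field name with spaces and slashes as underscores.
				$arr_find = array(" ","/");
				$arr_replace = array("_","_");
				$name_form = str_replace($arr_find,$arr_replace,strtolower($rowQ->fieldname));
				$name_sql = mysql_real_escape_string($name_form);
				$value_sql = (isset($_POST[$name_form]) && is_string($_POST[$name_form])) ? mysql_real_escape_string($_POST[$name_form]) : '';
				$rowS = $queryData->selek1("x_fieldvalue","`tipe`='detail_user' AND `fieldname`='".$name_sql."' AND id_user='".$iduser."'");

				// Insert when no value row exists yet for this user and field, otherwise update it.
				if (!$rowS || $rowS->id_user=="") {
					$sqlD = "INSERT INTO x_fieldvalue VALUES(NULL,'detail_user','".$name_sql."','".$value_sql."','".$iduser."')";
					$qryD = mysql_query($sqlD);
				} else {
					$sqlD = "UPDATE x_fieldvalue SET fieldvalue='".$value_sql."' WHERE `tipe`='detail_user' AND `fieldname`='".$name_sql."' AND id_user='".$iduser."'";
					$qryD = mysql_query($sqlD);
				}
			}

			$_SESSION['sesi_ver'] = "User \"".$alias."\" has been added";
		} else {
			// Do not report success, and do not write detail rows, when the INSERT failed.
			$_SESSION['sesi_ver'] = "User \"".$alias."\" could not be added";
		}
	} elseif ((isset($_POST['status'])) && ($_POST['status']=="edit")) {
		// is_scalar() keeps an array parameter from casting to 1 and addressing user 1.
		$kode = (isset($_POST['kode']) && is_scalar($_POST['kode'])) ? (int) $_POST['kode'] : 0;
		// The password is only replaced when a new one was entered.
		if (!empty($passuser)) {
			// NOTE(review): unsalted MD5, see the note in the "tambah" branch.
			$pass = md5($passuser);
			$sqlW = "UPDATE tbl_login SET passuser='".$pass."' WHERE id_user='".$kode."'";
			$qryW = mysql_query($sqlW);
		}

		$sql = "UPDATE tbl_login SET namauser='".$namauser."', alias='".$alias."', aktivasi='".$aktivasi_sql."', type_user='".$type_user_sql."', tglupdate='".$tanggal."' WHERE id_user='".$kode."'";
		$qry = mysql_query($sql);

		// Store one x_fieldvalue row per configured "detail_user" field.
		$sqlQ = "SELECT * FROM x_field WHERE tipe='detail_user'";
		$qryQ = mysql_query($sqlQ);
		while ($qryQ && ($rowQ = mysql_fetch_object($qryQ))) {
			$arr_find = array(" ","/");
			$arr_replace = array("_","_");
			$name_form = str_replace($arr_find,$arr_replace,strtolower($rowQ->fieldname));
			$name_sql = mysql_real_escape_string($name_form);
			$value_sql = (isset($_POST[$name_form]) && is_string($_POST[$name_form])) ? mysql_real_escape_string($_POST[$name_form]) : '';
			$rowS = $queryData->selek1("x_fieldvalue","`tipe`='detail_user' AND `fieldname`='".$name_sql."' AND id_user='".$kode."'");

			if (!$rowS || $rowS->id_user=="") {
				$sqlD = "INSERT INTO x_fieldvalue VALUES(NULL,'detail_user','".$name_sql."','".$value_sql."','".$kode."')";
				$qryD = mysql_query($sqlD);
			} else {
				$sqlD = "UPDATE x_fieldvalue SET fieldvalue='".$value_sql."' WHERE `tipe`='detail_user' AND `fieldname`='".$name_sql."' AND id_user='".$kode."'";
				$qryD = mysql_query($sqlD);
			}
		}

		// When the edited account is the logged-in one, refresh the type cached in the session
		// (the unescaped value, not the SQL-escaped copy).
		if (isset($_SESSION['id_char']) && $kode==$_SESSION['id_char']) {
			$_SESSION['admin_type'] = $type_user_raw;
		}
		$_SESSION['sesi_ver'] = "User \"".$namauser."\" has been updated";
	}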
		
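	// Send the browser back to the listing view, or to the login page without a session.
	if (isset($_SESSION['sesi_login'])) {
		// "show" and "showview" come straight from the query string. URL-encode them so a
		// crafted value cannot add extra parameters to the redirect target or break the header;
		// missing or non-string values become empty.
		$show = (isset($_GET['show']) && is_string($_GET['show'])) ? urlencode($_GET['show']) : '';
		$showview = (isset($_GET['showview']) && is_string($_GET['showview'])) ? urlencode($_GET['showview']) : '';
		header("Location:../../?show=".$show."&showview=".$showview."&act=lihat&limitdown=0");
	} else {
		header("Location:../../index.php");
	}
	// Stop explicitly once the redirect is queued.
	exit;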

?>